Malicious computer programs (also know as malware) such as viruses, worms, root kits, ransomware and the like, continue to grown in sophistication and affect computers around the world. Security vendors have developed increasingly sophisticated security software that aims to protect computers by trying to find known malicious files. Malware needs to find a vehicle into the system. Typically, this would be a foreign file (downloaded, received by email, copied from a USB stick, etc.) that resides on the system's disk. Therefore, the security software inspects each file that pops up on the system, and tries to figure out if it is bad (i.e., will do something malicious). The security software typically carries out the scanning and remediation using a global list of known bad signatures for files that have already been seen and are known to be malicious.
If malware is detected on a regular desktop computing environment, then it may be dealt with locally, with mitigations applied just on that machine. However, in a Virtual Desktop Infrastructure (VDI) or Server Based Computer (SBC) environment, a user desktop session typically runs inside a server (e.g., on a virtual machine) in a remote datacenter. There may be multiple users currently accessing the same environment who may all be impacted by malware from one user desktop session. Moreover, there are respective client machines connected to the server for each of the virtual machines, which extends the potential attack surface for the malware.